Looking for Guidance on Rocky Linux Optimization to Become a High-Performance Web Server

Hello Everyone :hugs:,

I’m using Rocky Linux to build up a high-performance web server right now, and I would really appreciate some advice and suggestions from this experienced group.

These are the details of my configuration:

Server specifications:

  • Two Intel Xeon E5-2680 v4 CPUs
  • Memory: 128 GB DDR4
  • 2TB NVMe SSD storage (with redundancy via RAID 1)
  • Network: Dedicated 1 Gbps Uplink

Goal:

  • Having several popular websites hosted
  • Using several Dockerized apps
  • database administration with PostgreSQL and MySQL
  • File backup and storage

I need guidance in the following areas and have a few specific questions:

Kernel and Performance Tuning: What sysctl configurations or kernel parameters are suggested to maximise performance for this type of task? Are there any particular setups for Rocky Linux that can assist optimise hardware capabilities? :thinkidea:

Security Best Practices: Which security configurations and tools are really necessary to safeguard the server? :thinkidea:

Recommendations for intrusion detection systems, firewall configurations, and best practices for SSH security are of special interest to me.
Securing A Web Server uipath

Backup Solutions: In particular, for huge databases and container data, can you recommend dependable and effective backup techniques and solutions that work well with Rocky Linux? :thinkidea:

Monitoring and Maintenance: Which methods and instruments work best for keeping an eye on the functionality and health of servers? :thinkidea:

Optimisation for Web Hosting: Do you have any particular suggestions for tuning Docker, MySQL/PostgreSQL, and Apache/Nginx for a Rocky Linux web server environment with a lot of traffic? :thinkidea:

Thank you :pray: in advance for your guidance.

I don’t know why this ended up in “Off Topic”, or why akismet marked it as spam, but some of the questions sound a bit staged, like it was written by a bot.

It’s a bit over-generalized, define “high performance”. One way to acheive it would be to forget dockerizing, forget code, forget databases, forget https and stick to serving plain text. e.g. you pre-stage the text using a content management system, then synch it to the production server. This also makes it hard to hack.

Any web infrastructure, hosting popular high traffic sites, is going to attacked within minutes. The overhead of a silly AI protector is going to kill the “high performance”.

In the context of Rocky, be careful of the word “docker” and think instead about “podman”.